Analyzing TCP Disconnects On Linux Or Unix
Dec 04, 2008, 01:03
(Other stories by Mike Tremell)
[ Thanks to Mike Golvach for this link. ]
"Since we've never actually covered this topic on this
blog before, it makes the most sense (to me, anyway) to lay down
the basics of a graceful TCP disconnect. If there's interest (On
your end or mine ;), we may follow up with further posts that delve
into more detail on the subject. This, of course, means that the
typical sequence of events laid out below isn't necessarily how
things are always going to go (there are slight differences between
Active and Passive disconnects, for one of more than a few
instances). For now, we'll stick to the nitty-gritty.
"The gracious TCP disconnect, in as much order as I could make
of it. The way it's "supposed" to work. This information is only as
reliable as your circumstances :) Note that all examples for this
post are from Solaris 10 and your explicit command names (like
netstat) may vary or have slightly different arguments you need to
pass them. Also, we'll note some ways that the TCP disconnect can
occur that are technically correct, but "unlike" the step-by-step
process listed below and generally big pains in the arse.
"Also, and this point is so important I'm giving it its own line
;), it helps to remember that, although a proper TCP "connection"
can only be established in one way (the infamous "Three Way
Handshake"), the same is not true of a TCP "disconnect." TCP (Over
Ethernet, to be precise) is duplexed, which means that it consists
of two flows of data; one flowing in either direction
simultaneously. Since all TCP requests have to be acknowledged
(unless you're just pulling the plug ;) a TCP disconnect is a 4-Way
process. Or, more correctly, a 4 "step" process."